CVE-2019-1010220

2019-07-2218:15:11

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

56.9%

JSON

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: “ND_PRINT((ndo, “%s”, buf));”, in function named “print_prefix”, in “print-hncp.c”. The attack vector is: The victim must open a specially crafted pcap file.

OSVersionArchitecturePackageVersionFilename
Debian12alltcpdump<= 4.99.3-1tcpdump_4.99.3-1_all.deb
Debian11alltcpdump<= 4.99.0-2+deb11u1tcpdump_4.99.0-2+deb11u1_all.deb
Debian999alltcpdump<= 4.99.4-4tcpdump_4.99.4-4_all.deb
Debian13alltcpdump<= 4.99.4-4tcpdump_4.99.4-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	tcpdump	<= 4.99.3-1	tcpdump_4.99.3-1_all.deb
Debian	11	all	tcpdump	<= 4.99.0-2+deb11u1	tcpdump_4.99.0-2+deb11u1_all.deb
Debian	999	all	tcpdump	<= 4.99.4-4	tcpdump_4.99.4-4_all.deb
Debian	13	all	tcpdump	<= 4.99.4-4	tcpdump_4.99.4-4_all.deb